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Box No. I Basis of the report 



1. With regard to the language, this report is based on the international application in the language in vfhidi. it was fQed, unless 
o&earwise indicated under this item. 

I I This report is based on a translation fxm the original language into tiiefo^ , 

which is the language of a translation furnished for the purposes of: 

I I international search (under Rules 12.3 and 23.1(b)) 

I I publication of the international application (under Rule 12.4) 

I I international preluninary examination (under Rules 55.2 and/or 55.3) 

2. Wi& regard to the elements of the international plication, this report is based on (replacement sheets which have been 
Jumished to the receiving Office in response to an invitation under Articie 14 are referred to in this rqfort as "originally filed" 
and are not annexed to this r^ort): 

I I the intemational plication as originally filed/fonished 
the description: 

pages 1-28 . as originally filed/fbroished 

pages* received by this Authority on 

pages* ^ received by this AuthOTity on 

the claims: 

pages ^ ^ origmally filed/furnished 

pages* as amended (together with any statement) under Article 19 

pages* 29-33 received by to Authority on 16-06-2004 

pages* received by dns Authority on 

IXI ^6 drawings: 

pages 1-8 as originally filed/furnished 

pages* received by this Authority on 

pages* received by this Au&ority on \ 

I I a sequence listing and/or any related table(s) - see Siqpplanental Box Relating to Sequence listing. 

3. I I Hie amendments have resulted in the cancellation o£ 

I I the description, pages ^ 

I I die claims, Nos. 

I I the drawings, sheets/figs 

the sequence listing (specijy)i ^ 

I \ any table(s) related to the sequence listing (JgpecCg;): 



I I Hus report has been established as if (some of) the amendments annexed to this report and listed below had not been 
made, since they han^e been considered to go b^ond tiie disclosure as filed, as indicated in die Siqyplemental Box (Rule 
70J2(c)). 

I I the description, pages 

□ 

the claims, Nos. 



die drawings, sheets/figs - 

I I the sequence listing ("^ec^^: 

I I any taible(s) related to the sequence listmg (specify): 



* If item 4 applies, some or all of those sheets may be marked "superseded ' 
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Box No. V Reasoned statement under Article 35(2) with regard to novelty, inventive step or liidiistrial appUcablHty; 
citations and explanations supporting such statement 



1. Statement 

YES 



Novelty (N) Qaims 1-24 



aaims ^ 



Iiventive step (IS) Oaims 1-24 



YES 

aaims 



Industrial appUcabiUty (lA) Claims 1-24 



YES 
NO 



2. Citations and explanations (Rule 70.7) 
Documents cited in the International Search Report: 

Dl. Kristol, D. et al:"HTTP State Management Mechanism", 
October 2000. Request for Comments: 2965. 
D2. US 2002055912 Al 

The present application is concerned with the problem how to 
make sure that a user has acquainted the policy associated 
with a certain cookie. 

Dl, which is considered to represent the most relevant state 
of the art, discloses a way for an origin server to send state 
information (cookies) to a user agent, and for the user agent 
to return the state information to the origin server. The 
information exchange is initiated by the origin server, which 
sends a «Set-Cookie2 response header" to the client. The user 
agent returns a Cookie request header, if it chooses to 
continue the session (see chapter 3.2). The user agent rejects 
cookies according to certain rules (see chapter 3.3.2). 

The solution according to Dl allows the user to have 
considerable control over cookie management. For exaii5>le, the 
user agent can present a dialog to the user before the user 
agent accepts a cookie (see page 10, line 36-38) . The user 
agent may discard any cookie it receives that the user has 
not, through some user agent mechanism, deemed acceptable 
(page 11, line 6-8) . Further more, for privacy reasons, a user 
should be able to find out how a web site plans to use 
information in a cookie and should be able to choose whether 
or not those policies are acceptable (see chapter 6, line 1- 
5). The server's cookie policies are described in the comment 
attribute of the cookies. Thus, a user can inspect the 
information to decide whether or not to accept the cookie (see 
page 6, line 1-7) . 
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Supplemental Box 



In case the space in any of the precedhig boxes is not sufficient. 
Condniiation of: BoX V 



D2 is a backgroTind art document and is not considered to be of 
any particular relevance. 

The invention differs from Dl in that the origin server in Dl 
is never informed whether the user has acquainted the provided 
policy report. This is in contrast to the invention, where the 
user agent receives the privacy policy from the origin server. 
There are no suggestions in Dl that would lead the skilled 
person to include this feature in the system in Dl. Therefore, 
the invention claimed in claims 1-24 is novel, includes an 
inventive step and has industrial applicability. 
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CLAIMS 

1. A method of managing cookies in a data processing system (1) comprising 
a user agent (100) requesting a resource associated with a cookie from a 
content provider (200), said method comprising the step of said user agent 
(100) transmitting, in response to reception of a privacy policy associated with 
said cookie, a cookie-policy receipt to said content provider (200), said cookie- 
policy receipt specifying whether a user associated with said user agent (100) 
accepts that said content provider (200) provides said cookie to user 
equipment (300) associated with said user agent (200). 

2. The method according to claim 1 , further comprising the step of including 
said cookie-policy receipt in a resource fetch message transmitted from said 
user agent (100) to said content provider (200). 

3. The method according to claim 1, further comprising the steps of: 

said user agent (100) comparing said received privacy policy with 
user preference, said user preference specifying a cookie privacy poUcy 
accepted by said user; and 

said user agent (100) generating said cookie-policy receipt based on 

said comparison. 

4. The method according to claim 3, wherein, if said received privacy policy 
does not fulfill said user preference, said method comprising the steps of: 

said user agent (100) presenting said received privacy policy for said 
user on said user equipment (300); and 

said user agent (100) generating, in response to a user-input signal, 
said cookie-poliQr receipt. 

5. The method according to claim 1, further comprising the steps of: 

said user agent (100) presenting said received privacy policy for said 
user on said user eqiupment (300); and 

said user agent (100) generating, in response to a user-input signal, 
said cookie-policy receipt. 
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6. The method according to claim 1, further comprising the step of 
authenticating said cookie-policy receipt with an authentication key (135j 355) 
associated with said user agent (100). 

7. The method according to claim 1, wherein, if said cookie-poUcy receipt is 
specifying that said user does not accept that said content provider (200) 
provides said cookie to said user equipment (300), said method comprising the 
step of removing a stored cookie associated with said requested resource from 
a storage (330) in said user equipment (300). 

8. The method according to claim 1, wherein, if said cookie-poHcy receipt is 
specifydng that said user does not accept that said content provider (200) 
provides said cookie to said user equipment (300), said method comprising the 
step of ignoring a cookie request command transmitted from said content 
provider (200) to said user agent (100). 

9. A method of providing cookies in a data processing system (1) comprising 
a user agent (100) requesting a resource associated with a cookie from a 
content provider (200), said method comprising the steps of: 

- transmitting a privacy poUcy associated with said cookie to said user 

agent (100); and 

- said content provider (200) providing, in response to reception of a 
cookie-poUcy receipt from said user agent (100), said cookie to user equipment 
(300) associated with said user agent (100) if said cookie-policy receipt is 
specifying that a user associated with said user agent (100) accepts that said 
content provider (200) provides said cookie to said user equipment (300). 

10. The method according to claim 9, wherein said cookie-poUcy receipt is 
received in a resoiorce fetch message transmitted from said user agent (100). 

11. The method according to claim 9, wherein, if said cookie-poUcy receipt is 
specifying that said user accepts that said content provider (200) provides said 
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cookie to said user equipment (300), said method comprising the step of 
providing said cookie-associated resource. 

12. A user agent (100) provided in a data processing system (1) for requesting 
a resource associated with a cookie from a content provider (200), said user 
agent (100) comprising means for transmitting (110), in response to reception 
of a privacy policy associated vwth said cookie, a cookie-poUcy receipt to said 
content provider (200), said cookie-poUcy receipt specifying whether a user 
associated with said user agent (100) accepts that said content provider (200) 
provides said cookie to user equipment (300) associated vwth said user agent 
(100). 

13. The user agent according to claim 12, wherein said transmitting means 
(110) being adapted for including said cookie-poUcy receipt in a resovirce fetch 
message transmitted to said content provider (200). 

14. The user agent according to claim 12, further comprising: 

- means for comparing (160) said received privacy poUcy with user 
preference, said user preference specifying a cookie privacy poUcy accepted by 
said user; and 

- means for generating (125), connected to said comparing means 
(160), said cookie-policy receipt based on said comparison. 

15. The user agent acco«iing to claim 14. further comprising means for 
presenting (110) said received privacy poUcy for said user on said user 
equipment (300) if said privacy poUcy does not fulfill said user preference, said 
generating means (125) being adapted for generating said cookie-poUcy receipt 
in response to a user input signal. 



16. The user agent according to claim 12, further comprising: 

means for presenting (1 10) said received privacy policy for said user 
on said user equipment (300); and 
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means for generating (125) said cookie-policy receipt in response to 
a user input signal. 

17. The user agent according to claim 12, further comprising means for 
authenticating (130) said cookie-policy receipt with an authentication k^ 
(135; 355) associated with said user agent (100). 

18. The user agent according to claim 12, further comprising means for 
removing (140) a stored cookie associated with said requested resource from a 
storage (330) in said user equipment (300) if said cookie-policy receipt is 
specifying that said user does not accept that said content provider (200) 
provides said cookie to said user equipment (300). 

19. A content provider (200) adapted for providing a requested resource 
associated with a cookie to a user agent (100) in a data processing system (1), 
said content provider (200) comprises: 

means for transmitting (210), in response to a resource request from 
said user agent (100), a privacy policy associated with said cookie to said user 
agent (100); and 

means for providing (230), in response to a cookie-policy receipt 
transmitted from said user agent (100), said cookie to user equipment (300) 
associated with said user agent (100), said cookie providing means (230) being 
adapted for providing said cookie if said cookie-policy receipt is specifying that 
a user associated with said user agent (100) accepts that said content provider 
(200) provides said cookie to said user equipment (300). 

20. The content provider according to claim 19, wherein said cookie-policy 
receipt is received in a resource fetch message transmitted from said user 
agent (100). 

21. The content provider according to claim 19, further comprising means for 
providing (240) said cookie-associated resource if said cookie-policy receipt is 
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specifying that said user accepts that said content provider (200) provides said 
cookie to said user equipment (300). 

22. A system for managing cookies in a data processing system (1) 
comprising a user agent (100) requesting a resource associated with a cookie 
from a content provider (200), said system comprising: 

means for providing (240) a privacy policy associated with said 

cookie; 

means for transmitting (110) a cookie-policy receipt, said receipt 
transmitting means (110) being responsive to said privacy policy; and 

means for providing (230) said cookie in response to said cookie- 
policy receipt specifying that a user associated with said user agent (100) 
accepts that said content provider provides (200) said cookie to user 
equipment (300) associated with said user agent (100). 



